Zcash has approved a network upgrade to be launched on the evening of 7/28, and the old Orchard privacy pool containing vulnerabilities will begin migrating

Zcash core developer Sean Bowe has approved the launch of the mainnet upgrade Ironwood at block height 3,428,143, with activation expected at 8:00 PM Taiwan time on July 28, one week later than the originally scheduled July 21 start. Key organizations including Electric Coin Company, the Zcash Foundation, and Shielded Labs have all committed to upgrade in sync.
(Background: Zcash Ironwood upgrade latest progress—multiple organizations have reached consensus, and formal verification and auditing are advancing in parallel)
(Additional context: ZEC rebounds 45%! Zcash development team locks in Ironwood upgrade for July launch; new privacy pool replaces the vulnerability Orchard)

Key Summary

  • Zcash approves upgrade block height 3,428,143, activates on 7/28
  • Engineers use an Anthropic AI model to uncover a coin-minting vulnerability hidden for nearly 4 years
  • After the vulnerability was made public on June 5, ZEC fell 38% within 24 hours

The block height has been set. In an X post, Zcash core developer Sean Bowe announced that the activation block height for the mainnet upgrade Ironwood (protocol version NU6.3) is confirmed as 3,428,143, expected to activate at 8:00 PM Taiwan time on July 28 this year, one week later than the originally planned July 21. Major organizations including Electric Coin Company, the Zcash Foundation, and Shielded Labs have all pledged to upgrade at the same time.

A coin-minting vulnerability hidden for nearly 4 years

Orchard is Zcash’s privacy transaction fund pool activated in May 2022. In plain terms, it is a pool that hides both the transfer amount and sender/recipient addresses from outside observers. The problem lies in a vulnerability in the Orchard pool’s zero-knowledge proof circuit—two lines of code that no one had found for almost four years.

How severe is the vulnerability? Theoretically, an attacker could mint unlimited forged ZEC within this pool. And because privacy pools are inherently anonymous, there would be no visible on-chain signs of the flaw—like a vault with a hole but no alarm installed.

This level of precision was not discovered by an audit team, nor was it found in a white-hat hacking contest. Instead, security engineer Taylor Hornby uncovered it on May 29 using an Anthropic AI model. Four days later, on June 1, the fix was quickly completed. After Shielded Labs publicly shared details on June 5, ZEC sank 38% within 24 hours as the market reacted immediately. However, Zcash’s turnstile mechanism has kept the coin-minting supply cap intact—no evidence currently suggests the vulnerability was ever exploited on mainnet.

Replace the pool and add verification checkpoints

Finding the vulnerability was only step one. Ensuring no forged ZEC gets mixed into clean funds is the real problem Ironwood aims to solve, and this upgrade introduces two layers of defense.

The first layer is to replace the old privacy pool with a new one. The new pool still uses the Orchard protocol and operates the same way, but the old Orchard pool will be phased out and will no longer accept new fund inflows—effectively sealing the potentially problematic old “vault” away.

The second layer is more granular. A control flag is added into the zero-knowledge proof circuit. In plain terms, it adds an extra switch: after activation, it can prevent users from transferring money from the privacy pool to other participants within the pool, while still allowing transfers back to their own change addresses—so users can still get change, but cannot transfer among each other internally.

Combined with the turnstile mechanism, any funds being moved out of the old Orchard pool must first pass through accounting verification checkpoints to cross-check and confirm correctness before entering the new pool. This verification step may also reveal traces left by the vulnerability.

For privacy coins built to emphasize anonymity, to prove that no forged coins have been mixed in, withdrawals must instead involve more accounting verification checkpoints—making every chunk of money moved out of the old pool go through weighing and checks first. That tug-of-war between anonymity and auditability is the most intriguing part of the Ironwood upgrade.

Fast-forward to May 9 this year: ZEC once surged to $642, up more than 650% from 2024’s low, briefly overtaking Monero (XMR) to become the privacy coin with the largest market cap. There wasn’t just one catalyst—among them, in January the SEC ended its investigation into the Zcash Foundation, Grayscale also filed a spot Zcash ETF application (ticker ZCSH). With the Ironwood progress becoming clear, ZEC’s price has recently been pushed up by about 12% again.

With nearly three weeks left until July 28, it’s likely this vulnerability episode still can’t be fully put to rest before Ironwood officially activates and the old-pool funds are completed in the migration.

Common Questions

When will the Zcash Ironwood upgrade start?

It is expected to activate at 8:00 PM Taiwan time on July 28, 2026, at block height 3,428,143, one week later than the originally scheduled July 21.

How severe is the Orchard vulnerability in Zcash?

Hidden in the zero-knowledge proof circuit for nearly 4 years, it theoretically allows infinite minting of forged ZEC while making it difficult to detect on-chain; currently the turnstile mechanism protects the total supply cap, and there is no evidence it has been exploited.

ZEC4.03%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned